mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-31 17:39:05 +00:00
Merge branch 'develop' into feature/REPO-2626_HB2.0
This commit is contained in:
Erik Knizat
@@ -614,11 +614,13 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
|
||||
}
|
||||
|
||||
// set recipient
|
||||
String to = (String)ruleAction.getParameterValue(PARAM_TO);
|
||||
String to = (String)ruleAction.getParameterValue(PARAM_TO);
|
||||
String toRecipients = null;
|
||||
if (to != null && to.length() != 0)
|
||||
{
|
||||
messageRef[0].setTo(to);
|
||||
|
||||
toRecipients = to;
|
||||
|
||||
// Note: there is no validation on the username to check that it actually is an email address.
|
||||
// TODO Fix this.
|
||||
|
||||
@@ -777,7 +779,8 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
|
||||
|
||||
if(recipients.size() > 0)
|
||||
{
|
||||
messageRef[0].setTo(recipients.toArray(new String[recipients.size()]));
|
||||
messageRef[0].setTo(recipients.toArray(new String[recipients.size()]));
|
||||
toRecipients = String.join(",", recipients);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -925,7 +928,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
|
||||
}
|
||||
|
||||
// build the email template model
|
||||
Map<String, Object> model = createEmailTemplateModel(actionedUponNodeRef, suppliedModel, fromPerson);
|
||||
Map<String, Object> model = createEmailTemplateModel(actionedUponNodeRef, suppliedModel, fromPerson, toRecipients);
|
||||
|
||||
// Determine the locale to use to send the email.
|
||||
Locale locale = recipient.getSecond();
|
||||
@@ -1044,8 +1047,8 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
|
||||
{
|
||||
// Send the message unless we are in "testMode"
|
||||
if (!testMode)
|
||||
{
|
||||
mailService.send(preparedMessage.getMimeMessage());
|
||||
{
|
||||
mailService.send(preparedMessage.getMimeMessage());
|
||||
onSend();
|
||||
}
|
||||
else
|
||||
@@ -1054,7 +1057,7 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
|
||||
testSentCount++;
|
||||
}
|
||||
}
|
||||
catch (MailException e)
|
||||
catch (NullPointerException | MailException e)
|
||||
{
|
||||
onFail();
|
||||
String to = (String)ruleAction.getParameterValue(PARAM_TO);
|
||||
@@ -1500,15 +1503,20 @@ public class MailActionExecuter extends ActionExecuterAbstractBase
|
||||
*
|
||||
* @return Model map for email templates
|
||||
*/
|
||||
private Map<String, Object> createEmailTemplateModel(NodeRef ref, Map<String, Object> suppliedModel, NodeRef fromPerson)
|
||||
private Map<String, Object> createEmailTemplateModel(NodeRef ref, Map<String, Object> suppliedModel, NodeRef fromPerson, String toRecipents)
|
||||
{
|
||||
Map<String, Object> model = new HashMap<String, Object>(8, 1.0f);
|
||||
|
||||
if (fromPerson != null)
|
||||
{
|
||||
model.put("person", new TemplateNode(fromPerson, serviceRegistry, null));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (toRecipents != null)
|
||||
{
|
||||
model.put("to", toRecipents);
|
||||
}
|
||||
|
||||
if (ref != null)
|
||||
{
|
||||
model.put("document", new TemplateNode(ref, serviceRegistry, null));
|
||||
|
||||
@@ -1,28 +1,28 @@
|
||||
/*
|
||||
* #%L
|
||||
* Alfresco Repository
|
||||
* %%
|
||||
* Copyright (C) 2005 - 2016 Alfresco Software Limited
|
||||
* %%
|
||||
* This file is part of the Alfresco software.
|
||||
* If the software was purchased under a paid Alfresco license, the terms of
|
||||
* the paid license agreement will prevail. Otherwise, the software is
|
||||
* provided under the following open source license terms:
|
||||
*
|
||||
* Alfresco is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Alfresco is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||
* #L%
|
||||
*/
|
||||
/*
|
||||
* #%L
|
||||
* Alfresco Repository
|
||||
* %%
|
||||
* Copyright (C) 2005 - 2016 Alfresco Software Limited
|
||||
* %%
|
||||
* This file is part of the Alfresco software.
|
||||
* If the software was purchased under a paid Alfresco license, the terms of
|
||||
* the paid license agreement will prevail. Otherwise, the software is
|
||||
* provided under the following open source license terms:
|
||||
*
|
||||
* Alfresco is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Alfresco is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
|
||||
* #L%
|
||||
*/
|
||||
package org.alfresco.repo.site;
|
||||
|
||||
import java.util.List;
|
||||
@@ -31,6 +31,7 @@ import org.alfresco.repo.domain.node.NodeDAO;
|
||||
import org.alfresco.repo.domain.node.NodeIdAndAclId;
|
||||
import org.alfresco.repo.domain.permissions.Acl;
|
||||
import org.alfresco.repo.domain.permissions.AclDAO;
|
||||
import org.alfresco.repo.security.authentication.AuthenticationUtil;
|
||||
import org.alfresco.repo.security.permissions.ACLType;
|
||||
import org.alfresco.repo.security.permissions.AccessControlEntry;
|
||||
import org.alfresco.repo.security.permissions.AccessControlList;
|
||||
@@ -99,62 +100,70 @@ public class SitesPermissionCleaner
|
||||
|
||||
public void cleanSitePermissions(final NodeRef targetNode, SiteInfo containingSite)
|
||||
{
|
||||
if (nodeDAO.exists(targetNode))
|
||||
if (!nodeDAO.exists(targetNode))
|
||||
{
|
||||
// We can calculate the containing site at the start of a recursive call & then reuse it on subsequent calls.
|
||||
if (containingSite == null)
|
||||
{
|
||||
containingSite = siteServiceImpl.getSite(targetNode);
|
||||
}
|
||||
return;
|
||||
}
|
||||
// We can calculate the containing site at the start of a recursive call & then reuse it on subsequent calls.
|
||||
if (containingSite == null)
|
||||
{
|
||||
containingSite = siteServiceImpl.getSite(targetNode);
|
||||
}
|
||||
|
||||
// Short-circuit at this point if the node is not in a Site.
|
||||
if (containingSite != null)
|
||||
// Short-circuit at this point if the node is not in a Site.
|
||||
if (containingSite == null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
// For performance reasons we navigate down the containment hierarchy using the DAOs
|
||||
// rather than the NodeService. Note: direct use of NodeDAO requires tenantService (ALF-12732).
|
||||
final Long targetNodeID = nodeDAO.getNodePair(tenantService.getName(targetNode)).getFirst();
|
||||
final Long targetNodeAclID = nodeDAO.getNodeAclId(targetNodeID);
|
||||
Acl targetNodeAcl = aclDAO.getAcl(targetNodeAclID);
|
||||
|
||||
// Nodes that don't have defining ACLs do not need to be considered.
|
||||
if (targetNodeAcl.getAclType() == ACLType.DEFINING)
|
||||
{
|
||||
AccessControlList targetNodeAccessControlList = aclDAO.getAccessControlList(targetNodeAclID);
|
||||
List<AccessControlEntry> targetNodeAclEntries = targetNodeAccessControlList.getEntries();
|
||||
for (AccessControlEntry entry : targetNodeAclEntries)
|
||||
{
|
||||
// For performance reasons we navigate down the containment hierarchy using the DAOs
|
||||
// rather than the NodeService. Note: direct use of NodeDAO requires tenantService (ALF-12732).
|
||||
final Long targetNodeID = nodeDAO.getNodePair(tenantService.getName(targetNode)).getFirst();
|
||||
final Long targetNodeAclID = nodeDAO.getNodeAclId(targetNodeID);
|
||||
Acl targetNodeAcl = aclDAO.getAcl(targetNodeAclID);
|
||||
|
||||
// Nodes that don't have defining ACLs do not need to be considered.
|
||||
if (targetNodeAcl.getAclType() == ACLType.DEFINING)
|
||||
String authority = entry.getAuthority();
|
||||
|
||||
String thisSiteGroupPrefix = siteServiceImpl.getSiteGroup(containingSite.getShortName(), true);
|
||||
|
||||
// If it's a group site permission for a site other than the current site
|
||||
if (authority.startsWith(PermissionService.GROUP_PREFIX) &&
|
||||
// And it's not GROUP_EVERYONE
|
||||
!authority.startsWith(PermissionService.ALL_AUTHORITIES) && !authority.startsWith(thisSiteGroupPrefix) &&
|
||||
// And if the current user has permissions to do it
|
||||
publicServiceAccessService.hasAccess("PermissionService", "clearPermission", targetNode, authority) == AccessStatus.ALLOWED)
|
||||
{
|
||||
AccessControlList targetNodeAccessControlList = aclDAO.getAccessControlList(targetNodeAclID);
|
||||
List<AccessControlEntry> targetNodeAclEntries = targetNodeAccessControlList.getEntries();
|
||||
for (AccessControlEntry entry : targetNodeAclEntries)
|
||||
{
|
||||
String authority = entry.getAuthority();
|
||||
|
||||
String thisSiteGroupPrefix = siteServiceImpl.getSiteGroup(containingSite.getShortName(), true);
|
||||
|
||||
// If it's a group site permission for a site other than the current site
|
||||
if (authority.startsWith(PermissionService.GROUP_PREFIX) &&
|
||||
!authority.startsWith(PermissionService.ALL_AUTHORITIES) && // And it's not GROUP_EVERYONE
|
||||
!authority.startsWith(thisSiteGroupPrefix))
|
||||
{
|
||||
// And if the current user has permissions to do it
|
||||
if (publicServiceAccessService.hasAccess("PermissionService", "clearPermission", targetNode, authority) == AccessStatus.ALLOWED)
|
||||
{
|
||||
// Then remove it.
|
||||
permissionService.clearPermission(targetNode, authority);
|
||||
}
|
||||
if (publicServiceAccessService.hasAccess("PermissionService", "setInheritParentPermissions", targetNode, true) == AccessStatus.ALLOWED)
|
||||
{
|
||||
// And reenable permission inheritance.
|
||||
permissionService.setInheritParentPermissions(targetNode, true);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
// Then remove it.
|
||||
permissionService.clearPermission(targetNode, authority);
|
||||
}
|
||||
|
||||
// Recurse
|
||||
List<NodeIdAndAclId> childNodeIds = nodeDAO.getPrimaryChildrenAcls(targetNodeID);
|
||||
for (NodeIdAndAclId nextChild : childNodeIds)
|
||||
|
||||
if (!permissionService.getInheritParentPermissions(targetNode))
|
||||
{
|
||||
cleanSitePermissions(nodeDAO.getNodePair(nextChild.getId()).getSecond(), containingSite);
|
||||
// The site manager from the new site, where this node was moved to, has to have permission to this node
|
||||
String siteManagerAuthority = thisSiteGroupPrefix + "_" + SiteModel.SITE_MANAGER;
|
||||
AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Void>()
|
||||
{
|
||||
public Void doWork() throws Exception
|
||||
{
|
||||
permissionService.setPermission(targetNode, siteManagerAuthority, SiteModel.SITE_MANAGER, true);
|
||||
return null;
|
||||
}
|
||||
}, AuthenticationUtil.getSystemUserName());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Recurse
|
||||
List<NodeIdAndAclId> childNodeIds = nodeDAO.getPrimaryChildrenAcls(targetNodeID);
|
||||
for (NodeIdAndAclId nextChild : childNodeIds)
|
||||
{
|
||||
cleanSitePermissions(nodeDAO.getNodePair(nextChild.getId()).getSecond(), containingSite);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user